ZeframLou/bunni ZeframLou/bunni

  • Stars
    star
    120
  • Rank 287,691 (Top 6 %)
  • Language
    Solidity
  • Created almost 3 years ago
  • Updated about 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
ZeframLou/bunni
github

ZeframLou

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

ERC-20 LP tokens for Uniswap V3

Bunni

ERC-20 LP tokens for Uniswap V3.

Problem

Uniswap V3 is awesome for boosting LP income, but it's also far more complex than Uniswap V2/Sushiswap, with ERC-721 NFT LP tokens instead of the ERC-20 LP tokens used by Uniswap V2/Sushiswap.

  • Projects prefer to incentivize liquidity on Uniswap V2/Sushiswap, due to the simplicity of the Uniswap V2 contracts and the wide array of battle-proven smart contracts that can be easily forked.
  • Individual liquidity providers prefer Uniswap V3 because they can earn much more fees from the same amount of liquidity.

Thus, projects usually have at least two separate pools of liquidity, one on Uniswap V3 and one on Uniswap V2/Sushiswap. This results in liquidity fragmentation.

  • Illuvium is incentivizing liquidity on Sushiswap, which has over $390M TVL seeing around $6M daily volume and earning 1.36% APY in trading fees.
    • Meanwhile, ILV has $0.5M TVL on Uniswap V3, but the LPs are seeing around $0.2M daily volume and earning over 800% APY in trading fees.

(Data from 12/29/2021)

Solution

Bunni enables projects to create ERC-20 LP tokens on Uniswap V3 and plug them into existing liquidity incentivization contracts designed for Uniswap V2/Sushiswap.

  1. Project creates Bunni LP token contract and staking contract for incentivizing LPs
  2. LPs provide liquidity using Bunni and get LP tokens
  3. Users stake LP tokens in staking contract and earn incentives

It's just like how liquidity mining works using good'ol Uniswap V2!

By using Bunni instead of Uniswap V2, projects can merge their liquidity into one Uniswap V3 pool instead of splitting it between Uniswap V2 and V3. This means:

  • Traders experience less slippage, since the liquidity is no longer fractured
  • LPs feel more comfortable providing liquidity & using more complex strategies on Uniswap V3, since they know most of the trading volume will go through Uniswap V3.

Features

  • ERC-20 LP token as fractional shares of a Uniswap V3 LP position
  • compound() for compounding trading fees back into the liquidity pool
  • Arbitrary price range (though we expect most projects to use full range due to its simplicity)
  • Hub-spoke architecture where the LP logic is built into the hub and the LP tokens are basic ERC-20 tokens with minimal additions. This makes deploying new Bunni LP tokens much cheaper, as well as concentrates user token approvals to the hub to save gas on approvals.

Get Started

Install Foundry, then

npm i -D
npm run prepare
forge install
forge test

Known issues

Frontrunning the first deposit may steal 1/4 of the deposit

When a new Bunni token is created and the first deposit is made to the Bunni token, it is possible for an attacker to frontrun it to steal ~1/4 of the deposit. Let the user's deposit liquidity amount be L.

  • Attacker mints MIN_INITIAL_SHARES Bunni tokens.
  • Attacker burns MIN_INITIAL_SHARES - 1 Bunni tokens, resulting in a total supply of 1.
  • Attacker mints L/2 + 1 liquidity to the Bunni token's Uniswap v3 position. This is possible because anyone can increase the liquidity of anyone else on Uniswap.
  • The user deposits L liquidity, giving them L / (L/2 + 1) = floor(1.99...) = 1 Bunni tokens.
  • Now if the user burns the 1 Bunni token, they would receive 1/2 * (L + L/2 + 1) = floor(3L/4 + 1/2) = 3L/4 liquidity, meaning they lost L/4 liquidity.

While this attack is theoretically possible, it does not pose a practical problem.

  • The Bunni website combines Bunni token creation and the first deposit into a single multicall, meaning it's impossible for an attacker to insert a transaction in between the two actions.
  • The Bunni Zap contract provides a sharesMin parameter, allowing the user to specify the minimum number of Bunni tokens received. This means if an attacker attempted to perform the aforementioned attack, the transaction will simply revert.

However, smart contract integrators should be aware of this problem to avoid losing funds.

Compound calls can be sandwiched

An attacker can perform a sandwich attack on compound calls by submitting the following package of transactions:

  • Buy a token from the Uniswap pool underlying the Bunni token
  • Compound fees earned by the Bunni token LPs into more liquidity
  • Sell the token back for slightly more tokens than started with

This is the result of the intentional design decision to keep compounding permissionless, so there's no perfect solution to it. Realistically it's not going to be a problem since the amount of funds being compounded is usually small (on the same order of magnitude as the gas cost of compounding).

More Repositories

1

playpen

Playpen is a set of modern, gas optimized staking pool contracts.
Solidity
271
star
2

create3-factory

Solidity
251
star
3

vested-erc20

A wrapper ERC20 token that linearly vests an underlying ERC20 token to its holders.
Solidity
240
star
4

foundry-template

Minimalist template for foundry projects
Solidity
153
star
5

trustus

Trust-minimized way to access offchain data onchain
Solidity
138
star
6

universal-bridge

Unified interface for sending messages from Ethereum to other chains and rollups.
Solidity
101
star
7

foundry-docgen

JavaScript
50
star
8

pooled-cdai

Pools DAI, converts it into Compound DAI, and sends interests to a beneficiary. Users putting DAI into the pool receives Pooled cDAI (pcDAI), an ERC20 token which is 1-for-1 redeemable for DAI at any time.
Solidity
48
star
9

foundry-canary

Minimal repo for Foundry examples and reproducing bugs in Foundry
Solidity
46
star
10

bagholder

Reward holders of an NFT without needing their NFTs to leave their wallets
Solidity
46
star
11

token-migrator

A simple contract for migrating from an old ERC20 token to a new ERC20 token.
Solidity
35
star
12

RevS

RevS is an open source P2P library for building Peer-to-Peer based apps.
Objective-C
19
star
13

ethhead

JavaScript
17
star
14

fee-distributor

Solidity
15
star
15

mev-token

JavaScript
14
star
16

hardhat-template

My personal template for hardhat projects
TypeScript
11
star
17

zeroswap

AMM written in Zinc for zkSync, based on Uniswap v2
Rust
9
star
18

warpy-contracts

Warpy is Venmo + them 🔥 DeFi interests
JavaScript
6
star
19

pooled-cdai-subgraph

The Graph protocol subgraph for Pooled cDAI
TypeScript
5
star
20

blog

HTML
3
star
21

YHack2017-Submission

Submission for YHack 2017
Python
3
star
22

pooldai-frontend

TypeScript
2
star
23

RevS-Server

A server implementation using RevS.
Objective-C
1
star
24

pooldai

HTML
1
star
25

RevS-Test

A test client app using RevS for iOS
Objective-C
1
star
26

pool-dai-ui

Front end for Pool DAI
TypeScript
1
star
27

f12-landing-page

1
star
28

p2pLazer

An easy-to-use hybrid P2P library with high stability and success rate.
Objective-C
1
star
29

astrodrop-production

CSS
1
star
30

Concave-NFT-SC

hardhat
Solidity
1
star